

Cryptoware/Cryptowall Warning and WGC

WGC Malware Ransomware

  • This topic is locked
1 reply to this topic

Mr_Deo #1 Posted 30 July 2019 - 03:29 PM

    Lieutenant

  • Player
  • 43443 battles
  • 1,835
  • [ESAF] ESAF
  • Member since:
    01-30-2012

Seems the WGC is trying to make outbound connections to a server in Germany that was once used for Cryptoware/Ransomware/Cryptowall (circa late 2014/early 2015 until unknown).

148.251.128.156 is the IP, 6881 is the port. What I can find/see is that in 2014/2015 it was used as a Tor node specifically for this type of malware. After 2015 it was used to serve websites that were, again, malware-laden. After 2017/2018 I am not sure. Ownership of the IP seems to have been in the same place since 2015, so I honestly wouldn't trust it.


It (the IP) seems to have about 15 listening services: multiple database services, multiple proxy services, multiple torrent services, and a few obscure file download services.

Many of the software packages I can see running are all 2-6 years out of date.


So basically... WGC is trying to connect to a server once used to Tor malware, later used to serve malware, and which now has a huge amount of crap on it that would indicate it's either a honeypot or totally compromised.


I have not looked at what data the WGC is sending. The server itself seems to have a lot of issues. WG should be ashamed to be using such a server. The port (6881) that WGC is trying to reach is either stealthed or non-functioning, as it doesn't seem to listen. Port 6881 is most likely the modified torrent that WG is using for their downloads; not blacklisting that IP is a bad move.


Those who can block this IP range should. Those who can't block it, just suck it up :P...
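The check the post describes (a process on the host reaching 148.251.128.156 on port 6881, which sits in the default BitTorrent port range 6881-6889), as an added example that is not part of the original post and not Wargaming's code. It parses Windows `netstat -ano` output, joins each row to its owning process, flags peers on a watchlist or on BitTorrent default ports, and prints the `New-NetFirewallRule` command an administrator would run to block the address. The netstat sample, the PIDs and the image names below are constructed, not a real capture; the IP is the one from the post.

```python
"""Added example: flag outbound connections to a watchlisted IP or to
BitTorrent default ports in `netstat -ano` output, and emit a firewall
block rule. Sample data is constructed; PIDs and image names are hypothetical."""
from typing import Dict, List, NamedTuple, Optional, Set


class Conn(NamedTuple):
    proto: str
    local_ip: str
    local_port: Optional[int]
    remote_ip: str
    remote_port: Optional[int]
    state: str
    pid: int


# Constructed sample of `netstat -ano` output (Windows); not a real capture.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:49831     148.251.128.156:6881   SYN_SENT        4120
  TCP    192.168.1.10:49832     148.251.128.156:6881   SYN_SENT        4120
  TCP    192.168.1.10:49840     93.184.216.34:443      ESTABLISHED     4120
  TCP    192.168.1.10:49850     52.96.0.1:443          ESTABLISHED     2288
  UDP    0.0.0.0:5353           *:*                                    1604
"""

# Constructed PID -> image name map, as `tasklist` would report it (hypothetical).
SAMPLE_TASKLIST: Dict[int, str] = {
    912: "svchost.exe",
    4120: "wgc.exe",
    2288: "OUTLOOK.EXE",
    1604: "mDNSResponder.exe",
}

# The address the post reports, and the default BitTorrent listening port range.
WATCHLIST: Set[str] = {"148.251.128.156"}
BITTORRENT_PORTS = range(6881, 6890)


def _split_addr(addr: str):
    """Split 'ip:port' (also '[v6]:port' and '*:*') into (ip, port-or-None)."""
    ip, _, port = addr.rpartition(":")
    return ip.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Conn]:
    """Parse `netstat -ano` rows; UDP rows carry no State column."""
    conns: List[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or the 'Active Connections' banner
        if len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # unexpected layout: skip rather than guess
        lip, lport = _split_addr(local)
        rip, rport = _split_addr(remote)
        conns.append(Conn(proto, lip, lport, rip, rport, state, int(pid)))
    return conns


def flag_connections(conns: List[Conn], pid_names: Dict[int, str],
                     watchlist: Set[str] = WATCHLIST) -> List[dict]:
    """One finding per connection whose peer is watchlisted or uses a
    BitTorrent default port; each finding names the owning process."""
    findings = []
    for c in conns:
        reasons = []
        if c.remote_ip in watchlist:
            reasons.append("remote IP on watchlist")
        if c.remote_port in BITTORRENT_PORTS:
            reasons.append("remote port in BitTorrent default range 6881-6889")
        if reasons:
            findings.append({"process": pid_names.get(c.pid, "<unknown>"),
                             "pid": c.pid, "remote": f"{c.remote_ip}:{c.remote_port}",
                             "state": c.state, "reasons": reasons})
    return findings


def block_rule_command(ip: str, name: str = "Block WGC peer") -> str:
    """PowerShell command (real cmdlet; generated here, not executed) that
    blocks outbound traffic to `ip` with the Windows firewall."""
    return (f'New-NetFirewallRule -DisplayName "{name}" -Direction Outbound '
            f'-RemoteAddress {ip} -Action Block')


if __name__ == "__main__":
    for f in flag_connections(parse_netstat(SAMPLE_NETSTAT), SAMPLE_TASKLIST):
        print(f"{f['process']} (pid {f['pid']}) -> {f['remote']} [{f['state']}]: "
              + "; ".join(f["reasons"]))
    for ip in WATCHLIST:
        print(block_rule_command(ip))
```

On a live host, replace `SAMPLE_NETSTAT` with the output of `netstat -ano` and build the PID map from `tasklist`. A `SYN_SENT` state, as in the sample, matches the post's observation that the port does not appear to listen: the client keeps trying, nothing answers.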



Asklepi0s #2 Posted 31 July 2019 - 09:25 AM

    Moderator

  • Moderator
  • 10441 battles
  • 1,103
  • Member since:
    01-23-2017
Thread has been closed by the moderation team due to being non constructive.



